[
https://issues.apache.org/jira/browse/HBASE-17439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15815871#comment-15815871
]
Gary Helmling commented on HBASE-17439:
---------------------------------------
Can you explain a bit the use-case around why the coprocesor needs an
authentication token? The coprocessor is already running in process with the
regionserver, meaning it has the regionservers krb credentials. What is the
authentication token used for?
> Make authentication Token retrieval amenable to coprocessor
> -----------------------------------------------------------
>
> Key: HBASE-17439
> URL: https://issues.apache.org/jira/browse/HBASE-17439
> Project: HBase
> Issue Type: Improvement
> Components: Coprocessors, security
> Reporter: Ted Yu
>
> In the course of solving HBASE-17435, [~jerryhe] and I noticed that it is
> cumbersome for other coprocessor (such as SecureBulkLoadEndpoint) to retrieve
> authentication Token from region server.
> Currently a Connection is needed to communicate with TokenProvider. Care is
> needed not to introduce dead lock on the server side.
> This JIRA is to investigate feasibility of bypassing Connection /
> TokenProvider in the retrieval of authentication Token for custom
> coprocessor. This involves some refactoring around
> AuthenticationTokenSecretManager.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
